issue with krb5_prompter_posix() design
Will Fiveash
will.fiveash at oracle.com
Thu Apr 15 16:56:30 EDT 2010
On Thu, Apr 15, 2010 at 04:27:47PM -0400, Greg Hudson wrote:
> On Thu, 2010-04-15 at 16:23 -0400, Will Fiveash wrote:
> > Seems to me the PAM approach is better since it's acquiring the reply.
> > Anyway this is adding complication to the prompter bridge function I
> > wrote in pam_krb5 to allow preauth plug-ins like pkinit to prompt via a
> > PAM conversation function.
>
> I agree that the PAM approach is better, but since this is a public
> interface, I don't see any way of getting from here to there without
> more pain than the benefit justifies.
>
> (Barring some kind of generalized krb5 API revamp, anyway--not a venture
> I'm prepared to charge ahead on while there are so many internals to
> clean up.)
Yeah, I noticed krb5_prompter_posix() was a public interface and had a
feeling I'd get the above reponse. Not a big problem now that I'm aware
of this issue but I thought I'd mention it anyway as it may be a source
of memory leaks for others.
--
Will Fiveash
Oracle
Note my new work e-mail address: will.fiveash at oracle.com
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/
More information about the krbdev
mailing list